pr-review
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes lint and build commands defined in local configuration files such as package.json, Makefile, or biome.json. This facilitates the execution of arbitrary shell commands defined within the codebase being reviewed.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted code changes that may contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: The skill reads uncommitted code changes and files from the base branch using git commands.
- Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the analyzed code.
- Capability inventory: The skill has permissions to write code changes to the filesystem and execute repository-defined scripts.
- Sanitization: The skill does not implement sanitization or validation of the ingested code content before processing it with review agents.
Audit Metadata